[VoiceOps] Phone auth for incoming calls?

Brandon Martin lists.voiceops at monmotha.net
Thu Aug 9 21:47:35 EDT 2018


On 08/09/2018 04:46 AM, Alex Balashov wrote:
> Yes, but until and unless your upstream supply chain is doing TLS and
> you can provide end-to-end security, it's a pointless waste of time.

There's also an argument to be made that I haven't seen brought up for 
protecting SIP registration credentials either by providing transport 
confidentiality for a conventional password/secret or by using TLS 
client certificates.  If you're at all worried about an adversary 
observing your actual comms, I'd be doubly worried about somebody 
stealing registration credentials and abusing them.

--
Brandon Martin


More information about the VoiceOps mailing list